The resignation of CEO Shalev Hulio will see COO Yaron Shohat take the helm
Monthly Archives: August 2022
CVE-2020-27834
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Brute Ratel: The New Red Teaming Tool Coopted by CTAs
The CTI team at the MS-ISAC has witnessed cyber threat actors (CTAs) abusing the Brute Ratel adversary simulation software.
CVE-2020-27836
A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Escanor RAT Malware Deployed Via Microsoft Office and PDF Documents
The malware was first released for sale on January 26, 2022 as an HVNC implant, but later evolved
Threat Actor Deploys Raven Storm Tool to Perform DDoS Attacks
The malware is reportedly capable of server takedown, Wi-Fi attacks and application layer attacks
Lloyd’s of London to exclude state-backed attacks from cyber insurance policies
Insurance marketplace Lloyd’s of London is set to introduce cyber insurance exclusions to coverage for “catastrophic” state-backed attacks from 2023. In a market bulletin published on August 16, 2022, Lloyd’s stated that whilst it “remains strongly supportive of the writing of cyberattack cover” it recognizes that “cyber-related business continues to be an evolving risk.” Therefore, the company will require all its insurer groups to apply a suitable clause excluding liability for losses arising from any state-backed cyberattack in accordance with several requirements. The move is reflective of a maturing and quickly evolving cyber insurance market.
Nation-state attacks pose systemic risk to insurers
In its bulletin, Lloyd’s of London wrote that it consistently emphasizes that underwriters need to be clear in their wordings as to the cover they are providing, with clarity surrounding cyberattacks involving state-backed actors of particular importance. “When writing cyberattack risks, underwriters need to take account of the possibility that state-backed attacks may occur outside of a war involving physical force. The damage that these attacks can cause and their ability to spread creates a similar systemic risk to insurers.”
Mac users urged to update Zoom, after security patch released for previously-flawed security patch
Zoom users on macOS are being told once again to update their copy of the video-conferencing software after a security hole was found that could be exploited by hackers.
Read more in my article on the Hot for Security blog.
Hyundai Uses Example Keys for Encryption System
This is a dumb crypto mistake I had not previously encountered:
A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples.
[…]
“Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]”.
[…]
Luck held out, in a way. “Greenluigi1” found within the firmware image the RSA public key used by the updater, and searched online for a portion of that key. The search results pointed to a common public key that shows up in online tutorials like “RSA Encryption & Decryption Example with OpenSSL in C.”
java-latest-openjdk-18.0.2.0.9-1.rolling.el7
FEDORA-EPEL-2022-21ae60f43a
Packages in this update:
java-latest-openjdk-18.0.2.0.9-1.rolling.el7
Update description:
CPU update for JDK latest